This post was modified on 04/26/19 to include clarification on the credential expiration issue with the local SEGadmin account.
While support for Secure Email Gateway (SEG) Classic is going away by early May 2019, it’s still worth documenting for those who may not be ready to set up or migrate to SEG V2 just yet.
Steps should be relatively the same whether it be Exchange 2010, 2013 or 2016. The same goes with either console version 9.x or 18.xx and above. My screenshots were based on console version 9.4 and SEG version 9.5.
My sequence with this setup is a little different from what AirWatch recommends per their online documentation. I also confirmed with VMware support on this.
- Pre-requisites for Implementation of SEG (Classic Platform)
- Enable Basic Authentication – Moved up from step 3
- Configure the Classic Platform – Moved down from step 2
- Install the SEG (Classic Platform)
- Configure the Classic Platform with the SEG Setup Wizard
Pre-requisites for Implementation of SEG (Classic Platform)
Follow the relevant sections (i.e. hardware, software, network, certificate, etc.) within the link. For instance, below we enabled SOAP API.
You may also enable REST API ahead of SEG V2 migration.
I suggest creating both the “SOAP API General” role and the SEG Admin Account required during SEG configuration now before proceeding further.
In here, you must grant Edit permission (confirmed with VMware support.)
Create an SEG Admin Account. It does not need access to the console other than making API call. Like any basic account, the credential expires after 30 days starting with console version 9.4 which applies to the SEG Admin account as well. Per the link below, however, this would be OK until you are ready to upgrade your SEG at which point a new credential might need to be set.
“In environments in which basic authentication was used during the initial installation of the SEG (V2 or Classic) updated credentials will only need to be used when upgrading or reinstalling the SEG. After the setup procedure, SEG uses Certificate/CMS for authentication and, therefore, basic credentials are only required to establish initial communication.”
You may also work with VMware support to extend the expiration date for ALL basic accounts from the default 30 days to 9999 days.
Enable Basic Authentication
This step is optional on the SEG server. Otherwise, anonymous authentication will be used.
Configure the Classic Platform
Install the SEG (Classic Platform)
Configure the Classic Platform with the SEG Setup Wizard
API Hostname: https://asXXX.awmdm.com or your internal API URL.
To validate connectivity to Microsoft Exchange ActiveSync (EAS) from the SEG server, open a web browser and go to https://your-SEG-URL.com/microsoft-server-activesync. If the connection is successful, you should be prompted for your username and password.
As always, stay mobile!